“If you know the enemy and know yourself,
you need not fear the result of a hundred battles.
If you know yourself but not the enemy,
for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself,
you will succumb in every battle.”
~ 6th century BC, the great Chinese general Sun Tzu
Make no mistake about it: when it comes to online security, we are at war with a skilled and determined enemy. How YOU Protect You teaches you to know yourself by comparing your digital lifestyle and habits with those we strongly suggest. Below, we will help you better know the enemy so you can overcome them.
Who are they?
When we say the word “hacker”, “fraudster”, or “cybercriminal”, what images does it conjure? A geeky guy with unkempt hair and glasses? Some slickly dressed but somehow smarmy “snake-oil salesman”? A kid with too much time on her hands? While we are certain that some hackers, fraudsters, and cybercriminals fit those perceptions, who they really are might surprise you.
Hackers are not just freelance computer geeks making a score here and there and spending the money on video games. Most of these cybercriminals are highly intelligent, highly motivated, highly educated, and highly paid. Some work for nations like China, Nigeria, Iran, and North Korea; terrorist organizations like Al-Qaeda; or “hack‑tivist” groups like Anonymous, Lizard Squad, Syrian Electronic Army, and TeaMp0isoN. Others work for organized criminal enterprises like the Russian Mafia. Still others are employed by corporations, hired to steal information from competitors.
Cybercrime is big business. Jeff Multz, a world-renowned security evangelist, frequently reminds us that if all the annual revenues from online theft were combined into a single company, it would be the largest corporation in the world, dwarfing behemoths like Big Oil and Wal‑Mart. Where do all these revenues come from? From people like you. Just like you. And if you are not very careful, you may end up contributing directly to their success.
It is a sobering thought, but as the saying goes, forewarned is forearmed. Know your enemy and you can overcome him.
Now that you know who the Bad Guys are, let’s look at some of the tactics they use against you. Bear in mind that this is a general overview; new tactics are being developed all the time. However, the overall strategy remains the same: to take what belongs to you for themselves.
Remember that, fundamentally, these are con artists, masquerading as something favorable or benign. When a website, email, phone call, or text comes from the Bad Guys, these trademark tactics can tip their hand:
- Gaining your confidence: The fraudster will claim to be from the Bank or another organization you know and trust
- Presenting a believable situation: “Click Here to be directed to our new site to verify your information!” or “We are doing a system upgrade and need to confirm your information”
- Invoking high-pressure claims (or threats): Often using fear, they attempt to create a sense of urgency, claiming for example: “If we don’t confirm your debit card number, your card will be deactivated!”
- Faking a resolution afterwards: You might get a “Thank You” or “Virus Removed” message…or nothing at all!
IT folks, for whatever reason, are not the world’s greatest spellers. Phishing (pronounced “fishing”) is a technique where the cybercriminal sends an email message that contains a link to a malicious site or an attachment with malware hidden within it.
Scamware is a newer form of malware that tricks you into installing a virus on your computer. There are many variations on how scamware manifests itself, but here is an example:
A message appears on your computer stating, “You’ve been infected with SomeSuperVirus” and telling you to “Click Here” so “Windows Security Program” will remove it and scan your system to be sure it’s safe. You are asked to pay $29.95 (or a similar figure) to download the program that “fixes” it. Of course, the virus that the scamware “detects” is fake, and the program you download and pay for is more spyware — when it “removes” the nonexistent virus, it’s actually installing lots of undetected malware on your system.
Vishing is phishing over a phone call (hence the “v” for “voice”). The fraudster calls, pretending to be from the Bank, and asks for personal information. Remember, the Bank already has your information! Although we will ask you to identify yourself with personal information if you call us (since hackers try to scam us, too), we will never call, email, or text you out of the blue to request information we already have.
Ransomware is a newer and more aggressive form of malware. It takes over your computer and locks it down so you cannot use it unless you pay the hacker. For example, you might get an FBI logo popping up with a message stating that illegal content has been found on your computer, and if you pay a fine, they’ll delete it for you. These “fines” are pricey, in the hundreds of dollars. Of course, paying the hacker doesn’t always solve the problem…and now they have your credit card number!
It is important to remember that, in the first few hours and days of a new malware attack, it seems impossible to overcome if you’ve been infected. NEVER PANIC — don’t give the thieves what they want. Fixes DO come out for these attacks, and most of the time, your computer can be rescued. Once you’ve given your information out, however, it’s out there and cannot be retrieved!
SMiShing is a term for phishing over text (SMS). The fraudster will send a text message to your cell phone, pretending to be from the Bank, and try to trick you into clicking a link or texting information back to him.
Beware of letters in the mail that contain checks, calls claiming you’ve won the Canadian Lottery, faxes, Secret Shopper ads, and other older-technology communications that promise you large sums of money for a small, up-front fee. As a general rule, do not give out information or your debit card number in response to unsolicited communications.